Permissions: use "read" permission in the read_many method #2611

Open
anikachurilova opened this issue Mar 15, 2024 · 1 comment

anikachurilova commented Mar 15, 2024

The problem:
When passing a user in the expanded, the profile visibility is not being taken into account. As a result, we are exposing users' profiles even if they configured it as hidden.

Known places where this is happening (need to check all the places): community members and invitations, share access of a record to users. In these 2 cases, searching for a user that has profile visibility hidden is not possible (the search is working fine), but in case an invitation/grant already exists and the user then changes permission, the user's profile is still exposed (the expanded user is not taking this into account).

In the _read_many method, the search permission is being checked, which allows the search for all authenticated users, without checking the visibility of a profile.

Note: users search is working fine, as it checks the permission for search and then for each user of the search result it checks for the read permission. User read method is also fine as it also checks for the read permission.

Steps of action:

  1. Evaluate all the places where this read_many method is used (this is the RecordService class method, so in a lot of places) in the UI and in the REST API
  2. Fix the read permission
  3. Provide a solution for all those places to not expose the user's profile (what it will look like in the UI, what we will return in the API responses).
  • For the community members and invitations and share access of a record to users: it was discussed to still show some information of a user to the community/record owner, despite hidden profile visibility. This is because the owner must know who has access to his records and communities.
    To ensure that the user who is trying to hide his profile knows that he will still be seen in some cases, list the consequences in the profile update page (how this looks is to be discussed).
@anikachurilova anikachurilova self-assigned this Mar 15, 2024
@ntarocco ntarocco added the bug Something isn't working label Mar 20, 2024

This issue was automatically marked as stale.

@github-actions github-actions bot added the stale No activity for more than 60 days. label May 20, 2024
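
A simplified Python model of the behaviour described in this issue, added as an illustration and not taken from the project's code: a bulk lookup that checks only the collection-level search permission, next to one that also applies the per-user read permission. All names (`User`, `Identity`, `can_read`, `read_many_checked`, `expand_users`, the `restricted` visibility value) and the sample users are constructed assumptions; the id-only stub for unreadable users is one possible choice, and the owner exception discussed in the issue is not modeled.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class User:
    id: str
    name: str
    visibility: str = "public"  # "public" or "restricted" (hidden profile)

@dataclass(frozen=True)
class Identity:
    user_id: Optional[str]  # None means anonymous

# Constructed sample data: bob was invited while public, then hid his profile.
USERS = {"alice": User("alice", "Alice A."), "bob": User("bob", "Bob B.")}
INVITED_IDS = ["alice", "bob"]
USERS["bob"] = replace(USERS["bob"], visibility="restricted")

def can_search(identity):
    """Collection-level permission: any authenticated user may search."""
    return identity.user_id is not None

def can_read(identity, user):
    """Object-level permission: public profiles, or the user's own profile."""
    return user.visibility == "public" or identity.user_id == user.id

def read_many_search_only(identity, ids):
    """Behaviour the issue describes: only the search permission is checked."""
    if not can_search(identity):
        raise PermissionError("search not permitted")
    return [USERS[i] for i in ids if i in USERS]

def read_many_checked(identity, ids):
    """Same lookup, but each hit must also pass the per-user read permission."""
    return [u for u in read_many_search_only(identity, ids) if can_read(identity, u)]

def expand_users(identity, ids, read_many):
    """Resolve stored user ids (invitations, grants) into displayable fields.
    Ids that read_many does not return are rendered as an id-only stub."""
    found = {u.id: u for u in read_many(identity, ids)}
    return [{"id": i, "name": found[i].name if i in found else None} for i in ids]

carol = Identity("carol")  # authenticated third party (constructed)
leaky = expand_users(carol, INVITED_IDS, read_many_search_only)
fixed = expand_users(carol, INVITED_IDS, read_many_checked)
```

With the search-only lookup, `leaky` still carries bob's name after he hid his profile; with the per-user check, `fixed` keeps only his id.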